Why do you need IPv6 Neighbor Solicitation to get the MAC address?

Edwin asked:

I’m a software developer and just got a free book about IPv6 at the Techdays, which I’m reading for fun. They gave it away because it’s a bit of an old book (W2008), so maybe things are different for other/newer OSes, but I don’t understand the necessity for Neighbor Discovery to get the MAC address.

According to the book, every node automatically gets a link-local IP address, which is constructed from the MAC address by inserting FF-FE between the 3rd and 4th bytes and flipping the U/L bit, so that the link-local IP for a node with a MAC address of 00-AA-00-3F-2A-1C becomes FE80::2AA:FF:FE:3F:2A1C.

To determine the link-layer MAC address, a Neighbor Solicitation message is sent to the link-local IP address, which replies with a message containing its MAC address… But the sender already knows that, because the MAC is encoded in the link-local IP address. So it sounds like mailing a postcard to somebody asking for their address.

My answer:

Every node automatically generates a link-local address, but:

  • That address might not be generated with the EUI-64 format specified in RFC 2464. IPv6 addresses may also be cryptographically generated addresses (RFC 3972), temporary privacy addresses (RFC 4941), Microsoft’s nonstandard random addresses, or in modern operating systems, stable privacy addresses (RFC 7217).

  • An address that looks like it has an EUI-64 interface ID might not actually correspond to the indicated MAC address due to explicit configuration by an administrator.

Because you can’t just “convert the address back” to a MAC address, you must send a Neighbor Solicitation to determine the MAC address.

There are other reasons why Neighbor Solicitations are necessary, as well. Some of these are:

  • Duplicate address detection (RFC 4862). It’s possible that some other host may have (rightly or wrongly) claimed an address that a host wants to use.
  • Neighbor unreachability detection. A lack of response to a Neighbor Solicitation is one indicator that the neighbor is unreachable.

Books are all well and good, but very out of date books may not be so useful. Even IPv6 has had significant revisions in the last ten years. The best source of truth is the relevant RFCs, both the original ones and any that are marked as having updated or obsoleted them. RFCs are specified in sufficient detail to allow conforming implementations to be written. You can learn all the details of neighbor discovery by reading RFC 4861.
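To make the point concrete, here is a small added example (my own illustration, not code from the original answer or from Server Fault) using only the Python standard library. It derives the modified EUI-64 link-local address from a MAC exactly as RFC 4291 Appendix A and RFC 2464 describe, computes the solicited-node multicast address (RFC 4291 section 2.7.1) that a Neighbor Solicitation for that target is actually sent to, and then shows the inverse direction: the FF-FE marker tells you only what MAC an interface ID *claims* to encode, and a privacy, random or hand-configured address gives you nothing at all, which is why the NS exchange is still needed. The privacy-style address and the administrator-configured address below are constructed for the example.

```python
"""Modified EUI-64 derivation, and why it cannot be run backwards reliably.

Added illustration, not part of the original post. Standard library only.
"""
import ipaddress
import re
from typing import Optional, Union

Addr = Union[str, ipaddress.IPv6Address]


def _v6(addr: Addr) -> ipaddress.IPv6Address:
    """Accept either a string or an already-parsed IPv6Address."""
    return addr if isinstance(addr, ipaddress.IPv6Address) else ipaddress.IPv6Address(addr)


def parse_mac(mac: str) -> bytes:
    """Accept 00-AA-00-3F-2A-1C or 00:aa:00:3f:2a:1c and return 6 raw bytes."""
    parts = re.split(r"[-:]", mac.strip())
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def modified_eui64(mac: bytes) -> bytes:
    """RFC 4291 Appendix A: insert FF FE between byte 3 and byte 4 and
    invert the universal/local bit (0x02 of the first byte)."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """The link-local address an RFC 2464 / RFC 4862 node autoconfigures:
    fe80::/64 prefix followed by the modified EUI-64 interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + modified_eui64(parse_mac(mac)))


def solicited_node_multicast(addr: Addr) -> ipaddress.IPv6Address:
    """RFC 4291 2.7.1: ff02::1:ff00:0/104 with the low 24 bits of the target.
    This, not the target's unicast address, is where a Neighbor Solicitation
    for an unresolved neighbor is sent (RFC 4861 7.2.2)."""
    target = _v6(addr).packed
    return ipaddress.IPv6Address(b"\xff\x02" + bytes(9) + b"\x01\xff" + target[13:])


def mac_if_eui64(addr: Addr) -> Optional[str]:
    """Return the MAC the interface ID *claims* to encode, or None.

    The FF-FE marker is only a hint. Temporary (RFC 4941), stable-privacy
    (RFC 7217), CGA (RFC 3972) and vendor-random IIDs normally lack it, and an
    administrator can configure any IID by hand, so even a hit is unverified.
    Only the neighbor's own Neighbor Advertisement carries the real address.
    """
    iid = _v6(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    mac = "00-AA-00-3F-2A-1C"          # the MAC from the question
    ll = link_local_from_mac(mac)
    print(f"{mac} -> {ll}")
    print(f"NS for {ll} is sent to {solicited_node_multicast(ll)}")
    print(f"IID claims MAC: {mac_if_eui64(ll)}")
    # Constructed privacy-style address: no FF-FE marker, nothing to recover.
    print(f"fe80::8d7a:3e1c:5b9e:2f01 claims MAC: {mac_if_eui64('fe80::8d7a:3e1c:5b9e:2f01')}")
    # Constructed administrator-chosen IID that merely looks like EUI-64.
    print(f"fe80::1:ff:fe00:1 claims MAC: {mac_if_eui64('fe80::1:ff:fe00:1')}")
```

Run as a script, it prints the RFC 4291 grouping of the address for the MAC in the question, the solicited-node group the solicitation goes to, and the three inverse cases: a genuine EUI-64 identifier, a privacy-style identifier that yields no MAC, and a hand-configured identifier that yields a MAC nobody on the link necessarily has.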

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.